The Cost of Cybersecurity & Impact of Cybercrime

Published September 18, 2023
by Dave Stenger

A strong cybersecurity posture backed by a secure infrastructure and robust protection tools is not inexpensive. While the proactive costs of cybersecurity can be high, they pale in comparison to those associated with disrupted operations, reactive recovery efforts, and the loss of citizen trust. Unfortunately, budget-conscious organizations within the public sector, as well as small to medium-sized enterprises in the private sector, have become quite susceptible to cyberattacks. In addition to the costs and implications of cybersecurity within their organization, tech providers interested in securing government contracts should understand the cybersecurity threats public-sector organizations face each day.

Cybercrime was once considered a problem only for large organizations, but many smaller organizations are now targets because they have more limited resources to spend on and allocate to cybersecurity defenses. While small and mid-size organizations understand they manage sensitive, highly valuable citizen data, many still believe the chances of a cyberattack targeting their operations are slim to none. This belief contributes significantly to placing their organizations at greater direct risk of attack by cybercriminals.

Financial Impacts of Cybersecurity Breaches

According to the FBI’s 2022 Internet Crime Report, more than 800,000 reported cybercrime complaints resulted in more than $10 billion in losses—and that doesn’t include what’s likely to be a large volume of unreported or undetected cases.

Cybersecurity Ventures and Cybercrime Magazine predict global cybercrime costs could grow by 15 percent annually and reach $10.5 trillion by 2025, while Statista estimates international cybersecurity costs will reach $13.82 trillion in 2028.

Financial losses can be significant when a cyberattack destabilizes an organization’s operations, prevents the delivery of essential services, or commands a ransom to return stolen sensitive data. Some organizations opt to pay a demanded ransom, hoping to recover files quickly, but there’s never a guarantee that the offending cybercriminals will hold up their end of the bargain. 

Ransomware costs alone are predicted to exceed $265 billion by 2031. Beyond any agency downtime or ransom payment, recovery costs include the necessary investment to build a new system that isn’t susceptible to another breach.

Additionally, organizations may face legal and regulatory penalties for failing to protect customer data, as well as potential lawsuits from affected individuals. The total costs and impact felt are difficult to calculate for many public-sector cyberattacks. Among a handful of examples of ransomware’s impact on the public sector from the Cybersecurity and Infrastructure Security Agency is one US city whose service restoration costs reached more than $9 million.

Reputational Costs as a Result of Cyberattacks

Citizens and consumers trust organizations to safeguard sensitive information and keep their private data private. A cyber incident can severely damage an organization’s reputation and erode customer trust. News of a data breach or security breach can lead to negative media coverage, customer churn, and difficulty attracting new customers.

In the event of a breach, it’s critical for organizations to effectively and transparently communicate with all affected individuals. 

Giving prompt notification, including the date and extent of the breach, the type of data involved, and the specific areas or systems impacted, shows commitment to transparency and allows the individuals affected to take necessary precautions. Poor communication or a lack of timely and frequent public updates increases costs by exacerbating distrust and further damaging an organization’s reputation.

Cybercrime’s Impact on Public Health and Safety

Advanced cybersecurity threats can have dire consequences for citizens’ health and safety by impacting critical infrastructure, healthcare systems, and their personal well-being.

Critical infrastructure sectors such as energy, transportation, and water systems all rely on networked systems and technology. Cyberattacks targeting these sectors can disrupt essential services and lead to public safety risks, economic damage, and potential threats to human life.

In 2020, the Associated Press reported the death of a German woman as the first death resulting from a ransomware attack. The cyberattack gradually crashed hospital systems, staff couldn’t access data, and a patient requiring urgent admission died after she had to be taken to another city for treatment.

Public hospitals and healthcare providers are often attractive targets to greedy cybercriminals due to the massive amounts of patient personal information and health records in their data systems. Large, highly networked providers can be attractive gateways for hackers to access a treasure trove of data across multiple organizations if the right major system is targeted. Even smaller healthcare operators accumulate a sizable sum of information over time, and many are often more vulnerable to a breach through outdated systems or a lack of in-house cybersecurity staff. 

Effects on patient care are typically an indirect or even unintended consequence of a cyberattack, not its primary goal. Health records represent big business on the black market, and even just one breach can mean a lucrative payday. Cybercrime Magazine cited a 2021 report saying patient health records can be valued at up to $250 per individual record. 

Many modern medical devices, such as pacemakers, insulin pumps, and implantable devices, are connected to networks and can be vulnerable to cyberattacks themselves. Compromised medical devices can pose devastating risks to patient safety, leading to potential harm or even loss of life.

While many cybersecurity costs are rising for providers and organizations fending off threats, it’s only becoming easier and less expensive for malicious actors to acquire the resources or skills necessary to mount a potentially devastating cyberattack on public-sector organizations. 

For organizations that have fallen victim to cybercrime, the initial dollar cost of a cyberattack is just the tip of the iceberg. The long-term costs can be devastating, either through direct costs or reputational fallout, and some organizations may never fully recover.

Cybercrime Costs From Newer Technologies

Newer technologies such as cryptocurrency have opened a whole new world to cybercriminals. Cryptocurrencies quickly became cybercriminals’ payment method of choice thanks to varying levels of anonymity, difficult traceability, and a lack of regulation or oversight. Cybersecurity researcher and publisher Cybersecurity Ventures predicts global crypto-crime costs could grow by 15 percent annually, costing the world $30 billion by 2025.

Investment scams were the costliest scheme reported to the Internet Crime Complaint Center in 2022, with crypto-investment scams skyrocketing to unprecedented levels in both losses and victims affected. Reported cryptocurrency investment fraud increased more than 180 percent from 2021 to 2022, reaching $2.57 billion.

While cryptocurrency advocates maintain it holds great promise in an expanding and decentralized global marketplace, it also presents near-limitless new financial opportunities for cybercriminals to exploit.
